Is there any way to restrict the use of VPN APPs by RouterOS?
All DNS filtering in this case ends up being circumvented with this security hole.
@marcelofares your battle against something that you do not want to make available on your network is lost at the start,
if you do not have full and unique control over every single device and cable...
Because the network of these establishments is in my custody, therefore, who defines the access and blocking rules is the company, regardless of whether it is a HOTSPOT network or not.
It does not depend on RouterOS, but on how the internet works.
Every day dozens of methods for circumventing blocks are born.
If the users can connect to the hotspot, why does the security of users' devices that are not under your control matter to you?
You have to understand that putting "people like you" out of their position to control what happens on the network has been the primary focus of internet development over the past years.
Because the network of these establishments is in my custody, therefore, who defines the access and blocking rules is the company, regardless of whether it is a HOTSPOT network or not.
Well, I disagree with some comments.
From a cybersecurity point of view, the more protections we have in our structures, the better it will be for all of us, because the fewer problems we will have to solve. I also think that if we have custody of the company's network, regardless of whether it is an open network (HOTSPOT) or a server network, the hardening rules are created and defined by us. I also understand that it is humanly impossible for us to have a high degree of security at all perimeters, but as a specialist in this area, I know that the more layers of protection we have, the better.
In the structure where I manage this HOTSPOT network, I have an NGF above RouterOS, and with the specific application blocking rules, I get a little more security in many points, not only in VPN APPS, but also in protocols, software and P2P (TORRENT).
My purpose with this topic was to know whether the application control that we find in an NGF is something we can have inside RouterOS.
How will blocking VPNs in any way improve security controls??
I'm just trying to improve the security controls in my network. I'm referring to a public HOTSPOT network in this case, where I don't have control of the client's device, but I would like to restrict the network level (protocol) if possible,
I would just like the rules of networks to be imposed on everyone, even on open networks, in which they are subject to fraud, because of VPN APPs, but I've seen that an NGW is needed for that.
How will blocking VPNs in any way improve security controls??
I'm just trying to improve the security controls in my network. I'm referring to a public HOTSPOT network in this case, where I don't have control of the client's device, but I would like to restrict the network level (protocol) if possible,
Why do you want "to restrict the network level (protocol) if possible"?
I'm just at a loss on how restricting VPNs will increase security on non-corporate devices...
This is one of the reasons I rarely use public WiFi...
Still.. Huh?
I would just like the rules of networks to be imposed on everyone, even on open networks, in which they are subject to fraud, because of VPN APPs, but I've seen that an NGW is needed for that.
When I refer to imposed rules, it would be rules that the user connected to this open network, due to the fragility of the network protocols, does not circumvent the DNS blocking / filtering rules.
I can't be negligent and not worry about open networks, and only worry about server and corporate networks. It is also necessary to deploy as much protection as possible regardless of the type of network to work with, in the case of a public (open) network we are talking about.